CVE-2020-37136
Buffer Overflow in ZOC Terminal 7.25.5 Causes DoS
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| emtec | zoc_terminal | 7.25.5 |
| emtec | zoc_terminal | to 7.25.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2020-37136 is a denial of service vulnerability in ZOC Terminal version 7.25.5. It occurs in the private key file input field when creating SSH key files. An attacker can exploit this by inputting a specially crafted 2000-byte buffer into the private key file input, which causes the application to crash and become unresponsive.
How can this vulnerability impact me? :
This vulnerability can cause the ZOC Terminal application to crash and become unresponsive, resulting in a denial of service condition. This means legitimate users will be unable to use the application to create SSH key files until it is restarted, potentially disrupting workflows that depend on this functionality.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability is triggered locally on the affected system by exploiting the "Private key file" input field during the creation of SSH key files in ZOC Terminal version 7.25.5.'}, {'type': 'paragraph', 'content': 'To detect the vulnerability, you can attempt to reproduce the denial of service condition by running a test similar to the known exploit:'}, {'type': 'list_item', 'content': 'Run a Python script that generates a 2000-byte buffer of "A" characters (e.g., "\\x41" * 2000) and save it to a text file.'}, {'type': 'list_item', 'content': 'Copy the contents of this text file to the clipboard.'}, {'type': 'list_item', 'content': 'Open ZOC Terminal, navigate to File > Create SSH Key Files.'}, {'type': 'list_item', 'content': 'Paste the buffer into the "Private key file:" input field.'}, {'type': 'list_item', 'content': 'Click "Create public/private key files..." and observe if the application crashes or becomes unresponsive.'}, {'type': 'paragraph', 'content': 'This sequence effectively tests for the presence of the vulnerability by reproducing the denial of service condition.'}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding the use of the "Private key file" input field with untrusted or oversized input buffers in ZOC Terminal version 7.25.5.'}, {'type': 'paragraph', 'content': 'Since the vulnerability requires local user interaction, restricting access to the affected application and limiting user permissions can reduce risk.'}, {'type': 'paragraph', 'content': 'Monitor for application crashes related to SSH key file creation and avoid pasting large or malformed data into the private key file input.'}, {'type': 'paragraph', 'content': 'Check for updates or patches from the vendor (https://www.emtec.com) that address this vulnerability and apply them as soon as they become available.'}] [1, 2]